5.1. Potential problems

Sometimes, changes introduced in a new release have side-effects
we cannot reasonably avoid, or they expose
bugs somewhere else. This section documents issues we are aware of. Please also
read the errata, the relevant packages' documentation, bug reports and other
information mentioned in Section 6.1, “Further reading”.

5.1.1. Migration of disk drivers from IDE to PATA subsystem

The new Linux kernel version provides different drivers for some PATA (IDE)
controllers. The names of some hard disk, CD-ROM, and tape devices may
change.

It is now recommended to identify disk devices in configuration files by
label or UUID (unique identifier) rather than by device name, which will
work with both old and new kernel versions. Upon upgrading to the
squeeze version of the Debian kernel packages, the linux-base package will offer to do this
conversion for you in the config files for most of the filesystem-related
packages on the system, including the various bootloaders included in
Debian. If you choose not to update the system configuration
automatically, or if you are not using the Debian kernel packages, you must
update device IDs yourself before the next system reboot to ensure the
system remains bootable.

5.1.2. mdadm metadata format change requires recent Grub

The following only applies to users who want to let the grub-pc bootloader load the kernel directly off
a RAID device created with mdadm 3.x and default values, or when the metadata
version is explicitly set using -e. Specifically, this
includes all arrays created during or after the installation of Debian
squeeze. Arrays created with older mdadm versions, and
RAIDs created with the command-line option -e
0.9 are not affected.

Versions of grub-pc older than
1.98+20100720-1 will not be able to boot directly off
a RAID with the 1.x metadata formats (the new default is
1.2). To ensure a bootable system, please make sure to use grub-pc
1.98+20100720-1 or later, which is provided by Debian squeeze. An
unbootable system may be rescued with Super Grub2 Disk
or grml.

5.1.3. pam_userdb.so breakage with newer libdb

Some Berkeley Database version 7 files created with libdb3 cannot be read by
newer libdb versions (see bug #521860).
As a workaround, the files can be recreated with db4.8_load,
from the db4.8-util package.

5.1.4. Potential issues with diversions of /bin/sh

If you have previously added a local diversion for /bin/sh,
or modified the /bin/sh symlink to point to somewhere
other than /bin/bash, then you may encounter problems
when upgrading the dash or
bash packages.
Note that this includes changes made by allowing other packages (for example
mksh) to become the default system
shell by taking over /bin/sh.

If you encounter any such issues, please remove the local diversion and
ensure that the symlinks for both /bin/sh and its
manual page point to the files provided by the bash package and then
dpkg-reconfigure --force dash.

5.1.5. Change in kernel policy regarding resource conflicts

The default setting for the acpi_enforce_resources parameter in the Linux
kernel has changed to be “strict” by
default. This can lead some legacy sensor drivers to be denied access to
the sensors' hardware. One workaround is to append
“acpi_enforce_resources=lax” to the kernel
command line.

5.2. LDAP support

A feature in the cryptography libraries used in the
LDAP libraries causes programs that use
LDAP and attempt to change their effective
privileges to fail when connecting to an LDAP
server using TLS or SSL.
This can cause problems for suid programs on systems using
libnss-ldap like
sudo, su or
schroot and for suid programs that perform LDAP
searches like sudo-ldap.

It is recommended to replace the
libnss-ldap package with
libnss-ldapd, a newer library
which uses separate daemon (nslcd) for all
LDAP lookups. The replacement for
libpam-ldap is
libpam-ldapd.

Note that libnss-ldapd recommends
the NSS caching daemon (nscd)
which you should evaluate for suitability in your environment before
installing.
As an alternative to nscd you
can consider unscd.

5.3. sieve service moving to its IANA-allocated port

The IANA port allocated for ManageSieve is 4190/tcp, and the old port used
by timsieved and other managesieve software in many
distributions (2000/tcp) is allocated for Cisco SCCP usage, according to the IANA registry.

Starting with the version 4.38 of the Debian netbase package, the sieve
service will be moved from port 2000 to port 4190 in the
/etc/services file.

Any installs which used the sieve service name instead of a
numeric port number will switch to the new port number as soon as the services
are restarted or reloaded, and in some cases, immediately after
/etc/services is updated.

This will affect Cyrus IMAP. This may also affect other sieve-enabled
software such as DoveCot.

In order to avoid downtime problems, mail cluster administrators using
Debian are urged to verify their Cyrus (and probably also DoveCot) installs,
and take measures to avoid services moving from port 2000/tcp to port
4190/tcp by surprise in either servers or clients.

It is worth noting that:

/etc/services will only be automatically updated if you
never made any modifications to it. Otherwise, you will be presented with a
prompt by dpkg asking you about the changes.

You can edit /etc/services and change the
sieve port back to 2000 if you want (this is not
recommended, though).

You can edit /etc/cyrus.conf and any other relevant
configuration files for your mail/webmail cluster (e.g. on the sieve web
frontends) ahead of time to force them all to a static port number.

You can configure cyrus master to listen on both ports (2000 and 4190)
at the same time, and thus avoid the problem entirely. This also allows for
a much more smooth migration from port 2000 to port 4190.

5.4. Security status of web browsers

Debian 6.0 includes several browser engines which are affected by a
steady stream of security vulnerabilities. The high rate of vulnerabilities
and partial lack of upstream support in the form of long term branches make it
very difficult to support these browsers with backported security fixes.
Additionally, library interdepencies make it impossible to update to newer
upstream releases. As such, browsers built upon the qtwebkit and khtml engines
are included in Squeeze, but not covered by full security support. We will
make an effort to track down and backport security fixes, but in general these
browsers should not be used against untrusted websites.

For general web browser use we recommend browsers building on the
Mozilla xulrunner engine (Iceweasel and Iceape), browsers based on
the Webkit engine (e.g. Epiphany) or Chromium. Xulrunner
has had a history of good backportability for older releases over
the previous release cycles.

Chromium —while built upon the Webkit codebase— is a leaf package,
i.e. if backporting becomes no longer feasible, there's still the possibility
of upgrading to a later upstream release (which is not possible for the webkit
library itself).

Webkit is supported by upstream with a long term maintenance branch.

5.5. KDE desktop

Squeeze is the first Debian release to ship with the full support
for the next generation KDE that is based on Qt 4.
Most official KDE applications are at version 4.4.5 with the exception
of kdepim that is at version 4.4.7. You
can read the announcements from
the KDE Project to learn more about the changes.

5.5.1. Upgrading from KDE 3

KDE 3 Desktop Environment is no longer supported in Debian 6.0.
It will be automatically replaced by the new 4.4 series on upgrade.
As this is a major change, users should take some precautions in order
to ensure as smooth of an upgrade process as possible.

Important

It is discouraged to upgrade while there is an active KDE 3 session
on the system. Otherwise, the process might render the running session
dysfunctional with the possibility of data loss.

Upon the first login on the upgraded system, existing users will
be prompted with the Debian-KDE guided migration procedure called
kaboom
which will assist in the process of migrating the user's personal data
and optionally backing up old KDE configuration.
For more information, visit
the Kaboom homepage.

While KDE 3 based desktop environment is no longer supported,
users can still install and use some individual KDE 3 applications
since the core libraries and binaries of KDE 3
(kdelibs) and Qt 3 are
still available in Debian 6.0. However, please note that these
applications might not be well integrated with the new environment.
What's more, neither KDE 3 nor Qt 3 will be supported in any form in the next
Debian release so if you are using them, you are strongly advised to port your
software to the new platform.

5.5.2. New KDE metapackages

As noted earlier, Debian 6.0 introduces a new set
of KDE related metapackages:

You are strongly advised to install the
kde-standard
package for normal desktop usage.
kde-standard
will pull in the
KDE Plasma Desktop
by default, and a selected set of commonly used applications.

If you want a minimal desktop you can install the
kde-plasma-desktop
package and manually pick the applications you need. This is a rough
equivalent of the kde-minimal
package as shipped in Debian 5.0.

For small form factor devices, there is an alternative environment
called
KDE Plasma Netbook
that can be installed with the
kde-plasma-netbook package.
Plasma Netbook and Plasma Desktop can live in the same system
and the default can be configured in System Settings (replacement of the
former KControl).

If you want a full set of official KDE applications, you have the possibility
to install the kde-full package.
It will install KDE Plasma Desktop by default.

5.6. GNOME desktop changes and support

There have been many changes in the GNOME desktop environment from the version
shipped in lenny to the version in squeeze, you can find more information in the
GNOME 2.30 Release
Notes. Specific issues are listed below.

5.6.1. GDM 2.20 and 2.30

The GNOME Display Manager (GDM), is kept at version 2.20 for systems upgraded
from lenny. This version will still be maintained for the squeeze
cycle but it is the last release to do so. Newly installed systems will get
GDM 2.30 instead, provided by the gdm3
package. Because of incompatibilities between both versions, this upgrade is
not automatic, but it is recommended to install gdm3 after the upgrade to squeeze. This
should be done from the console, or with only one open GNOME session. Note
that settings from GDM 2.20 will not be
migrated. For a standard desktop system, however, simply installing
gdm3 should be enough.

5.6.2. Device and other administrative permissions

Specific permissions on devices are
granted automatically to the user currently logged on physically to the
system: video and audio devices, network roaming, power management,
device mounting. The cdrom, floppy, audio, video, plugdev and powerdev
groups are no longer useful. See the consolekit documentation for more information.

Most graphical programs requiring root permissions now rely on PolicyKit to
do so, instead of gksu. The recommended
way to give a user administrative rights is to add it to the
sudo group.

5.6.3. network-manager and ifupdown interaction

Upon upgrading the network-manager
package, interfaces configured in
/etc/network/interfaces to use
DHCP with no other options will be disabled in that
file, and handled by NetworkManager instead. Therefore the
ifup and ifdown commands will not
work. These interfaces can be managed using the NetworkManager frontends
instead, see the
NetworkManager documentation.

Conversely, any interfaces configured in
/etc/network/interfaces with more options will be
ignored by NetworkManager. This applies in particular to wireless
interfaces used during the installation of Debian (see bug #606268).

5.7. Graphics stack changes

There have been a number of changes to the X stack in Debian 6.0.
This section lists the most important and user-visible.

5.7.1. Obsolete Xorg drivers

The cyrix, imstt,
sunbw2 and vga Xorg video drivers
are no longer provided. Users should switch to a generic such as
vesa or fbdev instead.

The old via driver was no longer maintained, and has
been replaced by the openchrome driver, which will be
used automatically after the upgrade.

The nv and radeonhd drivers are
still present in this release, but are deprecated. Users should
consider the nouveau and radeon
drivers instead, respectively.

The calcomp, citron,
digitaledge, dmc,
dynapro, elo2300,
fpit, hyperpen,
jamstudio, magellan,
microtouch, mutouch,
palmax, spaceorb,
summa, tek4957 and
ur98 X input drivers have been discontinued and are
not included in this release. Users of these devices might want to
switch to a suitable kernel driver and the evdev X driver. For many
serial devices, the inputattach utility allows
attaching them to a Linux input device which can be recognized by the
evdev X driver.

5.7.2. Kernel mode setting

Kernel drivers for Intel (starting from i830), ATI/AMD (from the
original Radeon to the Radeon HD 5xxx “Evergreen” series)
and for NVIDIA graphics chipsets now support native mode setting.

5.7.3. Input device hotplug

The Xorg X server included in Debian 6.0 provides improved support
for hotplugging of input devices (mice, keyboards, tablets, …). The old
xserver-xorg-input-kbd and
xserver-xorg-input-mouse
packages are replaced by xserver-xorg-input-evdev, which requires a
kernel with the CONFIG_INPUT_EVDEV option enabled.
Additionally, some of the keycodes produced by this driver differ from
those traditionally associated with the same keys. Users of programs
like xmodmap and xbindkeys will
need to adjust their configurations for the new keycodes.

5.7.4. X server “zapping”

Traditionally, the
Ctrl+Alt+Backspace
combination would kill the X server. This combination is no longer
active by default, but can be re-enabled by reconfiguring the
keyboard-configuration package
(system-wide), or using your desktop environment's keyboard preferences
application.

5.8. Munin web path change

For squeeze, the default location for the generated web content of
munin has been changed from /var/www/munin to
/var/cache/munin/www and therefore
/etc/munin/munin.conf needs to be adapted on upgrades,
if it has been changed by the admin. If you are upgrading, please
read /usr/share/doc/munin/NEWS.Debian.gz.

5.9. Shorewall upgrade instructions

Users of the shorewall firewall
should read the instructions at http://www.shorewall.net/LennyToSqueeze.html, also available as
/usr/share/doc/shorewall-doc/html/LennyToSqueeze.html
in the shorewall-doc package, upon
upgrading to Debian 6.0.